Data on 3 million Facebook users exposed, report says

The data was collected for a project at the University of Cambridge, according to New Scientist.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a shared portal. They locked the data with a username and password. But students later posted the login credentials online.

That exposed the data to anyone who did a quick web search to find the username and password, according to a report on Monday from New Scientist.

The incident has echoes of the larger scandal plaguing both Facebook and researchers affiliated with the University of Cambridge. Political consultancy Cambridge Analytica improperly obtained the data of 87 million Facebook users when researcher Aleksandr Kogan shared information he collected through a personality quiz.

In the new data exposure incident revealed by New Scientist, a different set of researchers collected user information with consent through a personality app, called myPersonality, and then made it available through a web portal. About four years ago, students with access to the data set posted the username and password online on the data sharing website GitHub. While the data was anonymized, privacy experts told the publication that it would be easy to associate data in the collection with the person who originally posted it on Facebook.

“We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies,” said Ime Archibong, Facebook’s vice president of product partnerships, in an emailed statement. “We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”

The social network has suspended about 200 apps as part of its efforts to track down more apps that may have misused user information, Archibong said in a blog post Monday. The company will further investigate the apps, and Facebook plans to notify users of how exactly their data was affected if it finds evidence of abuse.

The University of Cambridge, the Psychometrics Centre and Aleksandr Kogan didn’t respond to requests for comment.

The researchers who controlled the data were based at The Psychometrics Centre at the University of Cambridge, according to New Scientist, a project that used to include Kogan.

“There is a lot more work to be done to find all the apps that may have misused people’s Facebook data — and it will take time,” Archibong said in his blog post. “We are investing heavily to make sure this investigation is as thorough and timely as possible. We will keep you updated on our progress.”

First published May 14, 2:11 p.m. PTUpdate, 5:16 p.m.: Adds comment from Facebook, background information and a link to the company’s blog post.